
Root-cause analysis (RCA)

Definition

A structured method for identifying the underlying systemic cause of a failure rather than its immediate trigger. Common techniques in incident review include five-whys, fishbone (Ishikawa) diagrams, and fault-tree analysis. The goal is to find the cause whose correction prevents recurrence, not the cause that was most visible during the incident.

Related terms

Action item
A specific, time-bound improvement task generated by a post-incident finding. An action item has a named owner, a target completion date, a...
Blameless post-mortem
A cultural approach to post-incident review, popularised in site reliability engineering, in which the analysis focuses on systemic and process failures rather...
Lessons-learned register
A persistent record, maintained by the security programme, that links each post-incident action item to the originating incident, tracks its status, and...
Post-incident activity
The NIST SP 800-61 label for the final phase of the incident response lifecycle. It encompasses evidence retention, lessons-learned meetings, and the...
Timeline reconstruction
The process of ordering digital events from multiple sources into a single chronological account. Requires normalising all timestamps to a common reference...

Explained in

  • Post-Incident Review and Lessons Learned: A structured method for identifying the underlying systemic cause of a failure rather than its immediate trigger. Common techniques in incident review include...
